Electronic, digital and networked operation helps the banking system improve efficiency, open up new business, bring in revenue and serve customers more conveniently, but it also introduces more complicated and serious security problems. Information security is becoming increasingly important across the whole banking system. How to carry out security analysis and design for a banking system in tight coupling with its real business, so as to improve security from the standpoint of real applications, has become an urgent problem.

This paper is tightly coupled with daily practice in the banking system. Guided by a workflow-based security model for the protection of banking systems, and centering around protection techniques for business terminals and detection techniques for invalid outward connections, we have carried out a thorough study. The following contents are studied in the thesis:

1. To address the disadvantages of traditional security models, namely vague targets and loose coupling with the real business process, a Workflow-based Security Model (WSM) for the protection of banking systems is presented. It is carried out with a systematic engineering approach and is tightly coupled to real systems. The model emphasizes proactive protection, takes the general business workflow as its entry point, and takes multiple factors such as technology, people and management into consideration. It is multi-layered, dynamic, proactive, coactive and practical, and can well guide the analysis and protection design of a banking system.

2. On the basis of an in-depth study of dynamic-token based terminal anti-falsification techniques, our efforts mainly go to the design and implementation of access control for business terminals, including time control, router/switch ACL control, ARP binding and MAC restriction, operation control, physical control and authorization control. This can effectively prevent invalid users from performing operations on banking business and valid users from misoperating, which has significant practical value in increasing the security of business terminals.

3. Based on a study of current techniques for detecting invalid outward connections, the architectural design of a detection system based on Windows OS kernel hiding technology is presented. Compared to current products, our implementation is better hidden, inspects more broadly and is more capable of getting through firewalls.

Currently, the solution proposed in this paper has been applied to some branch banking systems of Industrial and Commercial Bank, where it has proved to be an effective help in preventing inside and outside crime and a good guarantee of the security of the whole system.